[ Date Index ] [ Thread Index ] [ <= Previous by date / thread ] [ Next by date / thread => ]
On 06/02/13 22:50, Kelly Jones wrote: > > Anyone using SPF Not I. Almost no one rejects on SPF hard fail because it gives too many false positives. Judging from mail logs on boxes that forward email without SRS, only the occasional corporate mail admin with little experience of running email servers block SPF fail outright (is it enabled by default in Exchange or something?), they usually get it knocked out of them when people complain their email isn't arriving. SPF information was fed into the scoring for spam filtering when I was doing that. The issue of course is that SPF is only slightly broken for authenticating message origin (fails on forwarding), but easily bypassed for stopping spam. During the early adoption phase of SPF there was one point where spammers were adopting SPF faster than non-spammers (presumably one of the big email providers - probably Hotmail - was letting SPF approved email through too readily), and here lies the problem with it as an anti-spam measure. Most of the unsolicited email that gets through my filters now is from SPF approved, or SPF soft fail sites. Although that may be in part that SPF hard fail is a clue used by those building RBLs that a sender is a spammer. The bigger meta problem with SPF, DKIM etc, is that it doesn't authenticate the sender, only the sending domain. The problem of authenticating the sender was already solved (twice over) when they were introduced - OpenPGP and S/MIME. To SOLVE the perceived spam problem you need to authenticate the sender, AND maintain a list of authenticated senders you want to receive messages from. For most people this throws the baby out with the bath water, as they actually want to receive email from senders they haven't white listed yet. Any system that allows this later step, messages from unknown senders, will likely allow spam at some level. In practice even modest barriers before accepting a message deter most spam. Which is why most people get more email spam than postal spam. -- The Mailing List for the Devon & Cornwall LUG http://mailman.dclug.org.uk/listinfo/list FAQ: http://www.dcglug.org.uk/listfaq